• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1269-1277
• /
• 2016

European Union and United States have introduced new Privacy Shield agreement after decision of Court of Justice of the European Union which invalidated Safe Harbor agreement. Privacy Shield agreement contains several clauses to raise the level of personal data protection such as enhanced commitments, stronger enforcement, clear safeguards and transparency obligations, and effective protection of EU citizens' rights with several redress possibilities. This agreement has received positive response as an enhanced measure for personal data protection. This paper examines EU and US discussion history and current situation regarding Privacy Shield and suggests national policy direction such as measures for personal data transborder flow system improvement and international cooperation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.575-590
• /
• 2022

Recently, organizations are increasing their investment to protect information resources from information security(IS) threats through the adoption of IS policies and technologies. However, IS incidents occur in a variety of ways, such as intrusions from outside the organization and exposure to the inside. Our study presented the negative effects of IS role stress on organizational insiders and suggested factors from the organizational and individual perspectives for mitigating IS role stress. We conducted a survey on employees of companies that introduced and applied IS policies to their work and tested the hypothesis using 329 samples. As a result, IS organization justice reduced IS role stress and strengthened IS positive psychological capital, thereby affecting the IS compliance intention of employees. Also, IS positive psychological capital moderated the relationship between IS stress and IS compliance intention. This study contributes to the achievement of internal IS goals by suggesting the conditions that affect the IS compliance behavior of employees in terms of the organizational environment and individual characteristics

• Journal of Digital Convergence
• /
• v.10 no.9
• /
• pp.27-37
• /
• 2012

Internet privacy has become a significant issue in recent years in light of the sharp increase in internet-based social and economic activities. The technology which collects, processes and disseminates personal information is improving significantly and the demand for personal information is rising given its inherent value in regard to targeted marketing and customized services. The high value placed on personal information has turned it into a commodity with economic worth which can be transacted in the marketplace. Therefore, it is strongly required to approach the issue of privacy from economic perspective in addition to the prevailing approaches. This article analyzes the behaviors of consumers and firms in gathering personal information, and shielding it from unauthorized access, using a game theory framework in which players strive to do their best under the given conditions. The analysis shows that there exist no market forces which require all firms to respect consumer privacy, and that government intervention in the form of a nudging incentive for information sharing and/or strict regulation is necessary.

• Informatization Policy
• /
• v.31 no.2
• /
• pp.82-104
• /
• 2024

Smart home services are growing rapidly as the development of the Internet of Things (IoT) opens the era of the so-called "Connected Living." Although personal information leaks through smart home cameras are increasing, however, users-while concerned-tend to take passive measures to protect their personal information. This study theoretically explained and verified how to design effective software update notification messages for smart home cameras to ensure that users comply with the recommended security behavior (i.e., update installation). In a survey experiment participated in by 120 actual users, the effectiveness of both emotional appeals (i.e., security breach warning images for fear appeals) and rational appeals (i.e., loss-framed messages emphasizing the negative consequences of not installing the updates) were confirmed. The results of this study provide theoretical interpretations and practical guidelines on the message design features that are effective for threat appraisals (i.e., severity, vulnerability) of smart home camera users and their protection motivation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.691-701
• /
• 2015

Recently, with the growing number of services using personal information, government offices' tasks have become more dependent to personal information. Various policies and systems have been made and managed for the safe use of personal information in the circumstances that inevitably require the use of personal information, but the personal information privacy incidents and their scale are on a constant increase. Thus, Korea has been implementing personal information protection management system since 2008 to examine whether public organizations observe the personal information protection act and to how well they manage the personal information, and to improve what is insufficient in the process. However, despite high scores of the outcomes of the system, questions about the effectiveness of the outcomes and about the actual manage level are being raised. Thus, this study seeks to analyze public organizations' activities to protect personal information and the effectiveness of their foundation efforts for them by using the DEA model, and to propose a new model to enhance the effectiveness of the outcomes of personal information protection management system by reflecting them into the outcomes of system, using the derived effectiveness.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.193-201
• /
• 2017

Financial firms strengthen to protect personal information from the leakage, introducing various security solutions such as print output security, internet network Isolation system, isolationg strorage of customer information, encrypting personal information, personal information detecting system, data loss prevention, personal information monitoring system, and so on. Financial companies are also entering the era of cutthroat competition due to accept of the new channels and the paradigm shift of financial instruments. Accordingly, The needs for security for customer information held by financial firms are keep growing. The large security accidents from the three card companies on January 2014 were happened, the case in which one of the outsourcing personnel seized customer personal information from the system of the thress card companies and sold them illegally to a loan publisher and lender. Three years after the large security accidents had been passed, nevertheless the security threat of the IT outsourcing workforce still exists. The governments including the regulatory agency realted to the financail firms are conducting a review efforts to prevent the leakage of personal information as well as strengthening the extent of the sanction. Through the analysis on the application of security policy for outsourcing personnel in case of large-scale Financial IT projects and the case study of appropriate security policies for security compliance, the theis is proposing a solution for both successfully completing large-scale financial IT Project and so far as possible minizing the risk from the security accidents by the outsouring personnel.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1225-1241
• /
• 2014

Recently, Financial companies implement DLP(Data Leaks Prevention) security products and enforce internal controls to prevent customer information leaks. Accidental data leaks in financial business increase more and more because internal controls are insufficient. Security officials and IT operation staffs struggle to plan countermeasures to respond to all kinds of accidental data leaks. It is difficult to prevent data leaks and to control information flow in business without research applications that handle business and privacy information. Therefore this paper describes business and privacy information flow on applications and how to plan and deploy security container based OS-level and Hypervisor virtualization technology to enforce internal controls for applications. After building security container, it was verified to implement internal controls and to prevent customer information leaks. With security policies additional security functions was implemented in security container and With recycling security container costs and time of response to security vulnerabilities was reduced.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.1
• /
• pp.165-175
• /
• 2023

As the reduction of information exposure threats by organization insiders contributes to achieving information security(IS) goals, organizations are establishing strict IS policies applicable to insiders and increasing investment in IS systems. However, since IS incidents cause damage to an organization even by malicious information exposure by one person, psychological support for strengthening IS compliance behavior by insiders. This study aims to confirm how the uncertain organizational environment related to IS affects individual IS-related behavior. We surveyed insiders of organizations operating IS policies and tested the hypothesis using 440 samples. As a result, IS technology and communication uncertainty reduced IS voice behavior through IS prospective anxiety, and individuals' susceptibility to information influence moderated the relationship between IS technology, communication, and prospective anxiety and IS voice behavior. Our results suggest the necessity and direction of supplementing the uncertain IS environment in practice.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.33-38
• /
• 2019

In this paper, we propose a new blockchain technology that could comply with GDPR. The proposed model can prevent illegal access by controlling access to the personal information according to a access policy. For example, it can control access to the information on a role-basis and information validation period. The core mechanism of the proposed model is to encrypt the personal information with public key which is associated with users attributes policy, and then decrypt it with a private key and users attributes based on a Attribute-based Encryption scheme. It can reduce a trusted third-part risk by replacing it with a number of nodes selected from the blockchain. And also the private key is generated in the form of one-time token to improve key management efficiency. We proved the feasibility by simulating the proposed model using the chaincode of the Hyperledger Fabric and evaluate the security.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.19 no.2
• /
• pp.427-436
• /
• 2024

Recently, the importance of information security (IS) has been socially recognized, leading organizations to adopt IS policies, secure specialized personnel, and demand IS compliance from employees. However, the implementation of these policies can disrupt existing work processes, causing resistance among employees. This study aims to elucidate the mechanism linking work stress, caused by IS policies that do not consider the work system, to individual job burnout and IS policy resistance. We established a research model and hypotheses based on previous studies and utilized structural equation modeling with data collected from organization members of companies that have implemented IS policies. The results of the structural equation modeling confirmed that work ambiguity and work impediment are linked to IS policy resistance through job burnout, characterized by emotional exhaustion and disengagement. Our findings suggest that the swift implementation of IS policies can provoke a backlash from employees, with stress being the primary cause. This paradoxically indicates the need for the development of organization-specific IS policies.